Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/a13b01-4153-4ea5-bf21-99868c51329a/1/QB06ZN3QBBlBCzXQ38Wxu-W0hTY.roa
File:                     QB06ZN3QBBlBCzXQ38Wxu-W0hTY.roa (raw, json)
Hash identifier:          YOe7BlkRM3bRTDlXC12POtxs/G4SQHLEyUujJ2j8le4=
Subject key identifier:   40:1D:3A:64:DD:D0:04:19:41:0B:35:D0:DF:C5:B1:BB:E5:B4:85:36
Certificate issuer:       /CN=aedaeea9117a1d5ccc320222955a09faa0798fd9
Certificate serial:       019423D7187849FD6F3693C3C31977D81128
Authority key identifier: AE:DA:EE:A9:11:7A:1D:5C:CC:32:02:22:95:5A:09:FA:A0:79:8F:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rtruqRF6HVzMMgIilVoJ-qB5j9k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/a13b01-4153-4ea5-bf21-99868c51329a/1/QB06ZN3QBBlBCzXQ38Wxu-W0hTY.roa
Signing time:             Wed 01 Jan 2025 21:48:06 +0000
ROA not before:           Wed 01 Jan 2025 21:48:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     19812
IP address blocks:        212.118.247.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/a13b01-4153-4ea5-bf21-99868c51329a/1/rtruqRF6HVzMMgIilVoJ-qB5j9k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/a13b01-4153-4ea5-bf21-99868c51329a/1/rtruqRF6HVzMMgIilVoJ-qB5j9k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rtruqRF6HVzMMgIilVoJ-qB5j9k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 01:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:18:78:49:fd:6f:36:93:c3:c3:19:77:d8:11:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aedaeea9117a1d5ccc320222955a09faa0798fd9
        Validity
            Not Before: Jan  1 21:48:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=401d3a64ddd00419410b35d0dfc5b1bbe5b48536
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:b4:3f:61:9b:83:cf:f0:25:fa:05:1d:8a:5d:
                    32:60:74:a2:06:01:e5:dc:e1:da:94:a9:3b:f2:9b:
                    44:ed:43:3b:f2:50:7f:6f:3b:b9:e5:d7:c3:a4:6b:
                    ee:fe:a7:a8:4e:00:90:4e:5e:f9:b7:e8:8a:31:ca:
                    c6:08:ae:eb:3d:2d:60:f3:9f:0a:d6:e9:b9:b7:7d:
                    e4:f6:bd:47:8e:52:32:74:3d:38:ab:92:c6:32:54:
                    92:37:da:de:4f:51:1b:b5:03:9b:80:ce:e1:8d:4b:
                    11:0b:4b:96:70:22:f6:55:4f:d8:aa:f9:e4:1f:c2:
                    e8:c4:48:0a:ab:5f:50:8a:22:92:92:32:d5:1a:fa:
                    7a:55:f5:89:bb:fc:e8:bc:e8:ca:a4:89:94:a0:af:
                    41:0d:e2:49:20:42:3d:47:9a:4c:27:18:e2:0a:81:
                    9b:33:7c:66:27:48:ed:be:4b:01:13:37:28:70:6e:
                    1f:56:f8:7f:3d:68:d6:81:d0:4e:a5:c6:cc:80:35:
                    fc:8f:2f:22:0d:12:67:cd:59:b1:c4:60:54:20:24:
                    59:c2:56:8a:c3:6b:66:58:97:c0:e3:69:0b:e5:53:
                    dc:f4:ae:53:2f:c2:08:75:d9:f4:bf:be:e3:6a:7d:
                    c5:e8:61:5d:82:86:2e:a3:2d:ee:6a:38:31:6d:a2:
                    d9:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:1D:3A:64:DD:D0:04:19:41:0B:35:D0:DF:C5:B1:BB:E5:B4:85:36
            X509v3 Authority Key Identifier:
                keyid:AE:DA:EE:A9:11:7A:1D:5C:CC:32:02:22:95:5A:09:FA:A0:79:8F:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rtruqRF6HVzMMgIilVoJ-qB5j9k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/a13b01-4153-4ea5-bf21-99868c51329a/1/QB06ZN3QBBlBCzXQ38Wxu-W0hTY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/a13b01-4153-4ea5-bf21-99868c51329a/1/rtruqRF6HVzMMgIilVoJ-qB5j9k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.118.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:56:97:91:c9:c9:47:74:6b:83:21:7c:68:46:5e:df:d2:23:
         30:09:66:f0:f2:09:a7:83:e0:b7:32:45:65:b8:7a:1a:af:19:
         67:39:ca:48:f1:3b:19:a4:88:6d:7e:e0:0b:16:66:9d:e2:5a:
         03:5f:c4:84:e9:6f:15:e9:f8:98:f7:fd:33:45:a0:8e:f0:01:
         a6:93:4a:fb:0a:ea:18:a0:ff:e3:58:1a:87:e2:d8:0a:71:0e:
         e3:9a:a9:9e:84:16:5f:c3:ac:2d:d3:b2:59:85:ee:58:d8:47:
         b6:6b:91:51:78:78:c6:03:21:7d:4a:56:e9:55:97:ca:74:6b:
         32:87:15:62:4a:ed:31:11:0b:81:6f:a1:4e:c9:04:bd:29:80:
         68:35:5e:fd:a1:f8:1a:77:84:aa:d4:46:55:5e:0f:90:d5:d7:
         25:a0:3f:35:37:22:b4:52:c3:81:a7:78:5a:2a:44:86:43:c1:
         d9:62:09:a0:98:89:17:a5:45:89:fd:2b:f4:ef:54:9a:ee:21:
         54:e6:38:47:34:f7:90:c1:16:88:8b:32:5f:fd:fa:f7:6a:42:
         19:f5:1e:6e:06:c0:0b:39:b8:fd:fa:7b:5d:64:a7:8e:bf:0e:
         46:02:34:20:cf:8a:b8:a3:09:b7:b0:f0:96:ee:9b:a3:7c:4e:
         74:bf:3a:e0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1xh4Sf1vNpPDwxl32BEoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlZGFlZWE5MTE3YTFkNWNjYzMyMDIyMjk1NWEwOWZhYTA3
OThmZDkwHhcNMjUwMTAxMjE0ODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDFkM2E2NGRkZDAwNDE5NDEwYjM1ZDBkZmM1YjFiYmU1YjQ4NTM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnbQ/YZuDz/Al+gUdil0yYHSiBgHl
3OHalKk78ptE7UM78lB/bzu55dfDpGvu/qeoTgCQTl75t+iKMcrGCK7rPS1g858K
1um5t33k9r1HjlIydD04q5LGMlSSN9reT1EbtQObgM7hjUsRC0uWcCL2VU/Yqvnk
H8LoxEgKq19QiiKSkjLVGvp6VfWJu/zovOjKpImUoK9BDeJJIEI9R5pMJxjiCoGb
M3xmJ0jtvksBEzcocG4fVvh/PWjWgdBOpcbMgDX8jy8iDRJnzVmxxGBUICRZwlaK
w2tmWJfA42kL5VPc9K5TL8IIddn0v77jan3F6GFdgoYuoy3uajgxbaLZiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEAdOmTd0AQZQQs10N/FsbvltIU2MB8GA1UdIwQY
MBaAFK7a7qkReh1czDICIpVaCfqgeY/ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnRydXFSRjZIVnpNTWdJaWxWb0otcUI1ajlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi9hMTNiMDEtNDE1My00ZWE1LWJmMjEt
OTk4NjhjNTEzMjlhLzEvUUIwNlpOM1FCQmxCQ3pYUTM4V3h1LVcwaFRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi9hMTNiMDEtNDE1My00ZWE1LWJmMjEtOTk4NjhjNTEzMjlh
LzEvcnRydXFSRjZIVnpNTWdJaWxWb0otcUI1ajlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1Hb3MA0G
CSqGSIb3DQEBCwUAA4IBAQBgVpeRyclHdGuDIXxoRl7f0iMwCWbw8gmng+C3MkVl
uHoarxlnOcpI8TsZpIhtfuALFmad4loDX8SE6W8V6fiY9/0zRaCO8AGmk0r7CuoY
oP/jWBqH4tgKcQ7jmqmehBZfw6wt07JZhe5Y2Ee2a5FReHjGAyF9SlbpVZfKdGsy
hxViSu0xEQuBb6FOyQS9KYBoNV79ofgad4Sq1EZVXg+Q1dcloD81NyK0UsOBp3ha
KkSGQ8HZYgmgmIkXpUWJ/Sv071Sa7iFU5jhHNPeQwRaIizJf/fr3akIZ9R5uBsAL
Obj9+ntdZKeOvw5GAjQgz4q4owm3sPCW7pujfE50vzrg
-----END CERTIFICATE-----